Denial of Service Detection Mitigation Scheme using Responsive Autonomic Virtual Networks (RAvN)

Title: Denial of Service Detection Mitigation Scheme using Responsive Autonomic Virtual Networks (RAvN)
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Starke, Allen; Nie, Zixiang; Hodges, Morgan; Baker, Corey; McNair, Janise
Conference Name: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Date Published: nov
Keywords: adaptive policy updates, adaptive reconfigurable features, Adaptive systems, anomalous mitigation solutions, anomaly detection schemes, Autonomic Security, Centroid-based-based clustering technique, composability, computer network security, data features, decision making, decision making skills, feature extraction, gaussian distribution, high rate denial of service attacks, high rate DoS attacks, intragroup variance, IP networks, Kmeans, learning (artificial intelligence), low rate detection, machine learning, mitigation scheme, Monitoring, multivariate clustering method, multivariate gaussian distribution model, network configurations, network performance statistics, network traffic, ONOS SDN controller, open networking operating system, pattern clustering, pubcrawl, RAvN, Resiliency, responsive autonomic data-driven adaptive virtual networking framework, security of data, software defined networking, Software-Defined Networks, telecommunication traffic, traffic monitoring tools, unsupervised learning, unsupervised machine learning technique, virtualisation
Abstract: In this paper we propose a responsive autonomic and data-driven adaptive virtual networking framework (RAvN) that integrates the adaptive reconfigurable features of a popular SDN platform called open networking operating system (ONOS), the network performance statistics provided by traffic monitoring tools such as T-shark or sflow-RT and analytics and decision making skills provided from new and current machine learning techniques to detect and mitigate anomalous behavior. For this paper we focus on the development of novel detection schemes using a developed Centroid-based clustering technique and the Intragroup variance of data features within network traffic (C. Intra), with a multivariate gaussian distribution model fitted to the constant changes in the IP addresses of the network to accurately assist in the detection of low rate and high rate denial of service (DoS) attacks. We briefly discuss our ideas on the development of the decision-making and execution component using the concept of generating adaptive policy updates (i.e. anomalous mitigation solutions) on-the-fly to the ONOS SDN controller for updating network configurations and flows. In addition we provide the analysis on anomaly detection schemes used for detecting low rate and high rate DoS attacks versus a commonly used unsupervised machine learning technique Kmeans. The proposed schemes outperformed Kmeans significantly. The multivariate clustering method and the intragroup variance recorded 80.54% and 96.13% accuracy respectively while Kmeans recorded 72.38% accuracy.
DOI: 10.1109/MILCOM47813.2019.9020809
Citation Key: starke_denial_2019